flipper-cloud 0.28.3 → 1.0.0

data/lib/flipper/cloud/middleware.rb

@@ -1,63 +0,0 @@
-# frozen_string_literal: true
-
-require "flipper/cloud/message_verifier"
-
-module Flipper
-  module Cloud
-    class Middleware
-      # Internal: The path to match for webhook requests.
-      WEBHOOK_PATH = %r{\A/webhooks\/?\Z}
-      # Internal: The root path to match for requests.
-      ROOT_PATH = %r{\A/\Z}
-
-      def initialize(app, options = {})
-        @app = app
-        @env_key = options.fetch(:env_key, 'flipper')
-      end
-
-      def call(env)
-        dup.call!(env)
-      end
-
-      def call!(env)
-        request = Rack::Request.new(env)
-        if request.post? && (request.path_info.match(ROOT_PATH) || request.path_info.match(WEBHOOK_PATH))
-          status = 200
-          headers = {
-            "Content-Type" => "application/json",
-          }
-          body = "{}"
-          payload = request.body.read
-          signature = request.env["HTTP_FLIPPER_CLOUD_SIGNATURE"]
-          flipper = env.fetch(@env_key)
-
-          begin
-            message_verifier = MessageVerifier.new(secret: flipper.sync_secret)
-            if message_verifier.verify(payload, signature)
-              begin
-                flipper.sync
-                body = JSON.generate({
-                  groups: Flipper.group_names.map { |name| {name: name}}
-                })
-              rescue Flipper::Adapters::Http::Error => error
-                status = error.response.code.to_i == 402 ? 402 : 500
-                headers["Flipper-Cloud-Response-Error-Class"] = error.class.name
-                headers["Flipper-Cloud-Response-Error-Message"] = error.message
-              rescue => error
-                status = 500
-                headers["Flipper-Cloud-Response-Error-Class"] = error.class.name
-                headers["Flipper-Cloud-Response-Error-Message"] = error.message
-              end
-            end
-          rescue MessageVerifier::InvalidSignature
-            status = 400
-          end
-
-          [status, headers, [body]]
-        else
-          @app.call(env)
-        end
-      end
-    end
-  end
-end

data/lib/flipper/cloud/routes.rb

@@ -1,13 +0,0 @@
-# Default routes loaded by Flipper::Cloud::Engine
-Rails.application.routes.draw do
-  if ENV["FLIPPER_CLOUD_TOKEN"] && ENV["FLIPPER_CLOUD_SYNC_SECRET"]
-    config = Rails.application.config.flipper
-
-    cloud_app = Flipper::Cloud.app(nil,
-      env_key: config.env_key,
-      memoizer_options: { preload: config.preload }
-    )
-
-    mount cloud_app, at: config.cloud_path
-  end
-end

data/lib/flipper/cloud.rb

@@ -1,57 +0,0 @@
-require "flipper"
-require "flipper/middleware/setup_env"
-require "flipper/middleware/memoizer"
-require "flipper/cloud/configuration"
-require "flipper/cloud/dsl"
-require "flipper/cloud/middleware"
-require "flipper/cloud/engine" if defined?(Rails::Engine)
-
-module Flipper
-  module Cloud
-    # Public: Returns a new Flipper instance with an http adapter correctly
-    # configured for flipper cloud.
-    #
-    # token - The String token for the environment from the website.
-    # options - The Hash of options. See Flipper::Cloud::Configuration.
-    # block - The block that configuration will be yielded to allowing you to
-    #         customize this cloud instance and its adapter.
-    def self.new(options = {})
-      configuration = Configuration.new(options)
-      yield configuration if block_given?
-      DSL.new(configuration)
-    end
-
-    def self.app(flipper = nil, options = {})
-      env_key = options.fetch(:env_key, 'flipper')
-      memoizer_options = options.fetch(:memoizer_options, {})
-
-      app = ->(_) { [404, { 'Content-Type'.freeze => 'application/json'.freeze }, ['{}'.freeze]] }
-      builder = Rack::Builder.new
-      yield builder if block_given?
-      builder.use Flipper::Middleware::SetupEnv, flipper, env_key: env_key
-      builder.use Flipper::Middleware::Memoizer, memoizer_options.merge(env_key: env_key)
-      builder.use Flipper::Cloud::Middleware, env_key: env_key
-      builder.run app
-      klass = self
-      app = builder.to_app
-      app.define_singleton_method(:inspect) { klass.inspect } # pretty rake routes output
-      app
-    end
-
-    # Private: Configure Flipper to use Cloud by default
-    def self.set_default
-      Flipper.configure do |config|
-        config.default do
-          if ENV["FLIPPER_CLOUD_TOKEN"]
-            self.new(local_adapter: config.adapter)
-          else
-            warn "Missing FLIPPER_CLOUD_TOKEN environment variable. Disabling Flipper::Cloud."
-            Flipper.new(config.adapter)
-          end
-        end
-      end
-    end
-  end
-end
-
-Flipper::Cloud.set_default

data/spec/flipper/cloud/configuration_spec.rb

@@ -1,261 +0,0 @@
-require 'flipper/cloud/configuration'
-require 'flipper/adapters/instrumented'
-
-RSpec.describe Flipper::Cloud::Configuration do
-  let(:required_options) do
-    { token: "asdf" }
-  end
-
-  it "can set token" do
-    instance = described_class.new(required_options)
-    expect(instance.token).to eq(required_options[:token])
-  end
-
-  it "can set token from ENV var" do
-    ENV["FLIPPER_CLOUD_TOKEN"] = "from_env"
-    instance = described_class.new(required_options.reject { |k, v| k == :token })
-    expect(instance.token).to eq("from_env")
-  end
-
-  it "can set instrumenter" do
-    instrumenter = Object.new
-    instance = described_class.new(required_options.merge(instrumenter: instrumenter))
-    expect(instance.instrumenter).to be(instrumenter)
-  end
-
-  it "can set read_timeout" do
-    instance = described_class.new(required_options.merge(read_timeout: 5))
-    expect(instance.read_timeout).to eq(5)
-  end
-
-  it "can set read_timeout from ENV var" do
-    ENV["FLIPPER_CLOUD_READ_TIMEOUT"] = "9"
-    instance = described_class.new(required_options.reject { |k, v| k == :read_timeout })
-    expect(instance.read_timeout).to eq(9)
-  end
-
-  it "can set open_timeout" do
-    instance = described_class.new(required_options.merge(open_timeout: 5))
-    expect(instance.open_timeout).to eq(5)
-  end
-
-  it "can set open_timeout from ENV var" do
-    ENV["FLIPPER_CLOUD_OPEN_TIMEOUT"] = "9"
-    instance = described_class.new(required_options.reject { |k, v| k == :open_timeout })
-    expect(instance.open_timeout).to eq(9)
-  end
-
-  it "can set write_timeout" do
-    instance = described_class.new(required_options.merge(write_timeout: 5))
-    expect(instance.write_timeout).to eq(5)
-  end
-
-  it "can set write_timeout from ENV var" do
-    ENV["FLIPPER_CLOUD_WRITE_TIMEOUT"] = "9"
-    instance = described_class.new(required_options.reject { |k, v| k == :write_timeout })
-    expect(instance.write_timeout).to eq(9)
-  end
-
-  it "can set sync_interval" do
-    instance = described_class.new(required_options.merge(sync_interval: 1))
-    expect(instance.sync_interval).to eq(1)
-  end
-
-  it "can set sync_interval from ENV var" do
-    ENV["FLIPPER_CLOUD_SYNC_INTERVAL"] = "5"
-    instance = described_class.new(required_options.reject { |k, v| k == :sync_interval })
-    expect(instance.sync_interval).to eq(5)
-  end
-
-  it "passes sync_interval into sync adapter" do
-    # The initial sync of http to local invokes this web request.
-    stub_request(:get, /flippercloud\.io/).to_return(status: 200, body: "{}")
-
-    instance = described_class.new(required_options.merge(sync_interval: 1))
-    poller = instance.send(:poller)
-    expect(poller.interval).to eq(1)
-  end
-
-  it "can set debug_output" do
-    instance = described_class.new(required_options.merge(debug_output: STDOUT))
-    expect(instance.debug_output).to eq(STDOUT)
-  end
-
-  it "defaults adapter block" do
-    # The initial sync of http to local invokes this web request.
-    stub_request(:get, /flippercloud\.io/).to_return(status: 200, body: "{}")
-
-    instance = described_class.new(required_options)
-    expect(instance.adapter).to be_instance_of(Flipper::Adapters::DualWrite)
-  end
-
-  it "can override adapter block" do
-    # The initial sync of http to local invokes this web request.
-    stub_request(:get, /flippercloud\.io/).to_return(status: 200, body: "{}")
-
-    instance = described_class.new(required_options)
-    instance.adapter do |adapter|
-      Flipper::Adapters::Instrumented.new(adapter)
-    end
-    expect(instance.adapter).to be_instance_of(Flipper::Adapters::Instrumented)
-  end
-
-  it "defaults url" do
-    instance = described_class.new(required_options.reject { |k, v| k == :url })
-    expect(instance.url).to eq("https://www.flippercloud.io/adapter")
-  end
-
-  it "can override url using options" do
-    options = required_options.merge(url: "http://localhost:5000/adapter")
-    instance = described_class.new(options)
-    expect(instance.url).to eq("http://localhost:5000/adapter")
-
-    instance = described_class.new(required_options)
-    instance.url = "http://localhost:5000/adapter"
-    expect(instance.url).to eq("http://localhost:5000/adapter")
-  end
-
-  it "can override URL using ENV var" do
-    ENV["FLIPPER_CLOUD_URL"] = "https://example.com"
-    instance = described_class.new(required_options.reject { |k, v| k == :url })
-    expect(instance.url).to eq("https://example.com")
-  end
-
-  it "defaults sync_method to :poll" do
-    instance = described_class.new(required_options)
-
-    expect(instance.sync_method).to eq(:poll)
-  end
-
-  it "sets sync_method to :webhook if sync_secret provided" do
-    instance = described_class.new(required_options.merge({
-      sync_secret: "secret",
-    }))
-
-    expect(instance.sync_method).to eq(:webhook)
-    expect(instance.adapter).to be_instance_of(Flipper::Adapters::DualWrite)
-  end
-
-  it "sets sync_method to :webhook if FLIPPER_CLOUD_SYNC_SECRET set" do
-    ENV["FLIPPER_CLOUD_SYNC_SECRET"] = "abc"
-    instance = described_class.new(required_options)
-
-    expect(instance.sync_method).to eq(:webhook)
-    expect(instance.adapter).to be_instance_of(Flipper::Adapters::DualWrite)
-  end
-
-  it "can set sync_secret" do
-    instance = described_class.new(required_options.merge(sync_secret: "from_config"))
-      expect(instance.sync_secret).to eq("from_config")
-  end
-
-  it "can override sync_secret using ENV var" do
-    ENV["FLIPPER_CLOUD_SYNC_SECRET"] = "from_env"
-    instance = described_class.new(required_options.reject { |k, v| k == :sync_secret })
-    expect(instance.sync_secret).to eq("from_env")
-  end
-
-  it "can sync with cloud" do
-    body = JSON.generate({
-      "features": [
-        {
-          "key": "search",
-          "state": "on",
-          "gates": [
-            {
-              "key": "boolean",
-              "name": "boolean",
-              "value": true
-            },
-            {
-              "key": "groups",
-              "name": "group",
-              "value": []
-            },
-            {
-              "key": "actors",
-              "name": "actor",
-              "value": []
-            },
-            {
-              "key": "percentage_of_actors",
-              "name": "percentage_of_actors",
-              "value": 0
-            },
-            {
-              "key": "percentage_of_time",
-              "name": "percentage_of_time",
-              "value": 0
-            }
-          ]
-        },
-        {
-          "key": "history",
-          "state": "off",
-          "gates": [
-            {
-              "key": "boolean",
-              "name": "boolean",
-              "value": false
-            },
-            {
-              "key": "groups",
-              "name": "group",
-              "value": []
-            },
-            {
-              "key": "actors",
-              "name": "actor",
-              "value": []
-            },
-            {
-              "key": "percentage_of_actors",
-              "name": "percentage_of_actors",
-              "value": 0
-            },
-            {
-              "key": "percentage_of_time",
-              "name": "percentage_of_time",
-              "value": 0
-            }
-          ]
-        }
-      ]
-    })
-    stub = stub_request(:get, "https://www.flippercloud.io/adapter/features?exclude_gate_names=true").
-      with({
-        headers: {
-          'Flipper-Cloud-Token'=>'asdf',
-        },
-      }).to_return(status: 200, body: body, headers: {})
-    instance = described_class.new(required_options)
-    instance.sync
-
-    # Check that remote was fetched.
-    expect(stub).to have_been_requested
-
-    # Check that local adapter really did sync.
-    local_adapter = instance.local_adapter
-    all = local_adapter.get_all
-    expect(all.keys).to eq(["search", "history"])
-    expect(all["search"][:boolean]).to eq("true")
-    expect(all["history"][:boolean]).to eq(nil)
-  end
-
-  it "can setup brow to report events to cloud" do
-    # skip logging brow
-    Brow.logger = Logger.new(File::NULL)
-    brow = described_class.new(required_options).brow
-
-    stub = stub_request(:post, "https://www.flippercloud.io/adapter/events")
-      .with { |request|
-        data = JSON.parse(request.body)
-        data.keys == ["uuid", "messages"] && data["messages"] == [{"n" => 1}]
-      }
-      .to_return(status: 201, body: "{}", headers: {})
-
-    brow.push({"n" => 1})
-    brow.worker.stop
-    expect(stub).to have_been_requested.times(1)
-  end
-end

data/spec/flipper/cloud/dsl_spec.rb

@@ -1,82 +0,0 @@
-require 'flipper/cloud/configuration'
-require 'flipper/cloud/dsl'
-require 'flipper/adapters/operation_logger'
-require 'flipper/adapters/instrumented'
-
-RSpec.describe Flipper::Cloud::DSL do
-  it 'delegates everything to flipper instance' do
-    cloud_configuration = Flipper::Cloud::Configuration.new({
-      token: "asdf",
-      sync_secret: "tasty",
-    })
-    dsl = described_class.new(cloud_configuration)
-    expect(dsl.features).to eq(Set.new)
-    expect(dsl.enabled?(:foo)).to be(false)
-  end
-
-  it 'delegates sync to cloud configuration' do
-    stub = stub_request(:get, "https://www.flippercloud.io/adapter/features?exclude_gate_names=true").
-      with({
-        headers: {
-          'Flipper-Cloud-Token'=>'asdf',
-        },
-      }).to_return(status: 200, body: '{"features": {}}', headers: {})
-    cloud_configuration = Flipper::Cloud::Configuration.new({
-      token: "asdf",
-      sync_secret: "tasty",
-    })
-    dsl = described_class.new(cloud_configuration)
-    dsl.sync
-    expect(stub).to have_been_requested
-  end
-
-  it 'delegates sync_secret to cloud configuration' do
-    cloud_configuration = Flipper::Cloud::Configuration.new({
-      token: "asdf",
-      sync_secret: "tasty",
-    })
-    dsl = described_class.new(cloud_configuration)
-    expect(dsl.sync_secret).to eq("tasty")
-  end
-
-  context "when sync_method is webhook" do
-    let(:local_adapter) do
-      Flipper::Adapters::OperationLogger.new Flipper::Adapters::Memory.new
-    end
-
-    let(:cloud_configuration) do
-      cloud_configuration = Flipper::Cloud::Configuration.new({
-        token: "asdf",
-        sync_secret: "tasty",
-        local_adapter: local_adapter
-      })
-    end
-
-    subject do
-      described_class.new(cloud_configuration)
-    end
-
-    it "sends reads to local adapter" do
-      subject.features
-      subject.enabled?(:foo)
-      expect(local_adapter.count(:features)).to be(1)
-      expect(local_adapter.count(:get)).to be(1)
-    end
-
-    it "sends writes to cloud and local" do
-      add_stub = stub_request(:post, "https://www.flippercloud.io/adapter/features").
-        with({headers: {'Flipper-Cloud-Token'=>'asdf'}}).
-        to_return(status: 200, body: '{}', headers: {})
-      enable_stub = stub_request(:post, "https://www.flippercloud.io/adapter/features/foo/boolean").
-        with(headers: {'Flipper-Cloud-Token'=>'asdf'}).
-        to_return(status: 200, body: '{}', headers: {})
-
-      subject.enable(:foo)
-
-      expect(local_adapter.count(:add)).to be(1)
-      expect(local_adapter.count(:enable)).to be(1)
-      expect(add_stub).to have_been_requested
-      expect(enable_stub).to have_been_requested
-    end
-  end
-end

data/spec/flipper/cloud/engine_spec.rb

@@ -1,95 +0,0 @@
-require 'rails'
-require 'flipper/cloud'
-
-RSpec.describe Flipper::Cloud::Engine do
-  let(:env) do
-    { "FLIPPER_CLOUD_TOKEN" => "test-token" }
-  end
-
-  let(:application) do
-    Class.new(Rails::Application) do
-      config.eager_load = false
-      config.logger = ActiveSupport::Logger.new($stdout)
-    end
-  end
-
-  # App for Rack::Test
-  let(:app) { application.routes }
-
-  before do
-    Rails.application = nil
-    ActiveSupport::Dependencies.autoload_paths = ActiveSupport::Dependencies.autoload_paths.dup
-    ActiveSupport::Dependencies.autoload_once_paths = ActiveSupport::Dependencies.autoload_once_paths.dup
-
-    # Force loading of flipper to configure itself
-    load 'flipper/cloud.rb'
-  end
-
-  it "initializes cloud configuration" do
-    stub_request(:get, /flippercloud\.io/).to_return(status: 200, body: "{}")
-
-    ENV.update(env)
-    application.initialize!
-
-    expect(Flipper.instance).to be_a(Flipper::Cloud::DSL)
-    expect(Flipper.instance.instrumenter).to be(ActiveSupport::Notifications)
-  end
-
-  context "with CLOUD_SYNC_SECRET" do
-    before do
-      env.update "FLIPPER_CLOUD_SYNC_SECRET" => "test-secret"
-    end
-
-    let(:request_body) do
-      JSON.generate({
-        "environment_id" => 1,
-        "webhook_id" => 1,
-        "delivery_id" => SecureRandom.uuid,
-        "action" => "sync",
-      })
-    end
-    let(:timestamp) { Time.now }
-    let(:signature) {
-      Flipper::Cloud::MessageVerifier.new(secret: env["FLIPPER_CLOUD_SYNC_SECRET"]).generate(request_body, timestamp)
-    }
-    let(:signature_header_value) {
-      Flipper::Cloud::MessageVerifier.new(secret: "").header(signature, timestamp)
-    }
-
-    it "configures webhook app" do
-      ENV.update(env)
-      application.initialize!
-
-      stub = stub_request(:get, "https://www.flippercloud.io/adapter/features?exclude_gate_names=true").with({
-        headers: { "Flipper-Cloud-Token" => ENV["FLIPPER_CLOUD_TOKEN"] },
-      }).to_return(status: 200, body: JSON.generate({ features: {} }), headers: {})
-
-      post "/_flipper", request_body, { "HTTP_FLIPPER_CLOUD_SIGNATURE" => signature_header_value }
-
-      expect(last_response.status).to eq(200)
-      expect(stub).to have_been_requested
-    end
-  end
-
-  context "without CLOUD_SYNC_SECRET" do
-    it "does not configure webhook app" do
-      ENV.update(env)
-      application.initialize!
-
-      post "/_flipper"
-      expect(last_response.status).to eq(404)
-    end
-  end
-
-  context "without FLIPPER_CLOUD_TOKEN" do
-    it "gracefully skips configuring webhook app" do
-      ENV["FLIPPER_CLOUD_TOKEN"] = nil
-      application.initialize!
-      expect(silence { Flipper.instance }).to match(/Missing FLIPPER_CLOUD_TOKEN/)
-      expect(Flipper.instance).to be_a(Flipper::DSL)
-
-      post "/_flipper"
-      expect(last_response.status).to eq(404)
-    end
-  end
-end

data/spec/flipper/cloud/message_verifier_spec.rb

@@ -1,104 +0,0 @@
-require 'flipper/cloud/message_verifier'
-
-RSpec.describe Flipper::Cloud::MessageVerifier do
-  let(:payload) { "some payload" }
-  let(:secret) { "secret" }
-  let(:timestamp) { Time.now }
-
-  describe "#generate" do
-    it "generates signature that can be verified" do
-      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret)
-      signature = message_verifier.generate(payload, timestamp)
-      header = generate_header(timestamp: timestamp, signature: signature)
-      expect(message_verifier.verify(payload, header)).to be(true)
-    end
-  end
-
-  describe "#header" do
-    it "generates a header in valid format" do
-      version = "v1"
-      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret, version: version)
-      signature = message_verifier.generate(payload, timestamp)
-      header = message_verifier.header(signature, timestamp)
-      expect(header).to eq("t=#{timestamp.to_i},#{version}=#{signature}")
-    end
-  end
-
-  describe ".header" do
-    it "generates a header in valid format" do
-      version = "v1"
-      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret, version: version)
-      signature = message_verifier.generate(payload, timestamp)
-
-      header = Flipper::Cloud::MessageVerifier.header(signature, timestamp, version)
-      expect(header).to eq("t=#{timestamp.to_i},#{version}=#{signature}")
-    end
-  end
-
-  describe "#verify" do
-    it "raises a InvalidSignature when the header does not have the expected format" do
-      header = "i'm not even a real signature header"
-      expect {
-        message_verifier = Flipper::Cloud::MessageVerifier.new(secret: "secret")
-        message_verifier.verify(payload, header)
-      }.to raise_error(Flipper::Cloud::MessageVerifier::InvalidSignature, "Unable to extract timestamp and signatures from header")
-    end
-
-    it "raises a InvalidSignature when there are no signatures with the expected version" do
-      header = generate_header(version: "v0")
-      expect {
-        message_verifier = Flipper::Cloud::MessageVerifier.new(secret: "secret")
-        message_verifier.verify(payload, header)
-      }.to raise_error(Flipper::Cloud::MessageVerifier::InvalidSignature, /No signatures found with expected version/)
-    end
-
-    it "raises a InvalidSignature when there are no valid signatures for the payload" do
-      header = generate_header(signature: "bad_signature")
-      expect {
-        message_verifier = Flipper::Cloud::MessageVerifier.new(secret: "secret")
-        message_verifier.verify(payload, header)
-      }.to raise_error(Flipper::Cloud::MessageVerifier::InvalidSignature, "No signatures found matching the expected signature for payload")
-    end
-
-    it "raises a InvalidSignature when the timestamp is not within the tolerance" do
-      header = generate_header(timestamp: Time.now - 15)
-      expect {
-        message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret)
-        message_verifier.verify(payload, header, tolerance: 10)
-      }.to raise_error(Flipper::Cloud::MessageVerifier::InvalidSignature, /Timestamp outside the tolerance zone/)
-    end
-
-    it "returns true when the header contains a valid signature and the timestamp is within the tolerance" do
-      header = generate_header
-      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: "secret")
-      expect(message_verifier.verify(payload, header, tolerance: 10)).to be(true)
-    end
-
-    it "returns true when the header contains at least one valid signature" do
-      header = generate_header + ",v1=bad_signature"
-      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret)
-      expect(message_verifier.verify(payload, header, tolerance: 10)).to be(true)
-    end
-
-    it "returns true when the header contains a valid signature and the timestamp is off but no tolerance is provided" do
-      header = generate_header(timestamp: Time.at(12_345))
-      message_verifier = Flipper::Cloud::MessageVerifier.new(secret: secret)
-      expect(message_verifier.verify(payload, header)).to be(true)
-    end
-  end
-
-  private
-
-  def generate_header(options = {})
-    options[:secret] ||= secret
-    options[:version] ||= "v1"
-
-    message_verifier = Flipper::Cloud::MessageVerifier.new(secret: options[:secret], version: options[:version])
-
-    options[:timestamp] ||= timestamp
-    options[:payload] ||= payload
-    options[:signature] ||= message_verifier.generate(options[:payload], options[:timestamp])
-
-    Flipper::Cloud::MessageVerifier.header(options[:signature], options[:timestamp], options[:version])
-  end
-end